I have few rdp ports opened from wan to lan machines.
Looking to ip connections I’ve noted two public ip trying to connect (forcing?) to these ports/machines using many source ports
Is there a script to add these ip to filrewall filter (forward, drop) automatically after a number of connections or tries , as I have quickly (but anyway too lately) done ?
Thanks
1st: never ever open rdp to public.
Use a VPN or allow RDP port only for certain trusted static IPs or ddns
Use anydesk!
If correctly done, your computer on near future is under control of someone, without you know it,
because you can only block one IP after some try, but remote desktop for each try close connection after some failed login…
every bot on botnet, each with different IP, can try to hack your remote desktop without know passwords…
Second this, open ports are a bad ides.
Well … I have these port closed now in favour of l2tp/ipsec vpn when needed
I’m asking myself if to have port-forwarding active for any type of service is however a threat nowadays…
Any time you open a port for some specific program, there is a chance it will end badly.
But at least in the case of RDP, we know there are lots of vulnerabilities. Some patched, some not yet found and a lot of them with released patches but not applied.
For example: https://nvd.nist.gov/vuln/detail/CVE-2019-0708 . Long story short: wormable on the whole internal network without authentication.
I know it is an old cve, but there are tons of systems on the internet still vulnerable and exposed.